General
-
Target
c3957982acca86c31eefc4e82b586cc0N.exe
-
Size
266KB
-
Sample
240723-q3jx7awdle
-
MD5
c3957982acca86c31eefc4e82b586cc0
-
SHA1
15ecfc4b2d6744a37df13749652fb53eb2701374
-
SHA256
fadd3924c86d093fb1c3d1219cf8d00266913c68f7dcf8bec5f46fd89a283db9
-
SHA512
eb16d44e65a477cde38e6e1907b3e68a4c135853b0db5e7acc422d663a15f31252f9277fd777e8a870db2ba81dee18327e098dd5568e046e334a7a35bf8a824d
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/z:WFzDqa86hV6uRRqX1evPlwAb
Malware Config
Targets
-
-
Target
c3957982acca86c31eefc4e82b586cc0N.exe
-
Size
266KB
-
MD5
c3957982acca86c31eefc4e82b586cc0
-
SHA1
15ecfc4b2d6744a37df13749652fb53eb2701374
-
SHA256
fadd3924c86d093fb1c3d1219cf8d00266913c68f7dcf8bec5f46fd89a283db9
-
SHA512
eb16d44e65a477cde38e6e1907b3e68a4c135853b0db5e7acc422d663a15f31252f9277fd777e8a870db2ba81dee18327e098dd5568e046e334a7a35bf8a824d
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/z:WFzDqa86hV6uRRqX1evPlwAb
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-